Security in the age of digital
By Eric Matthies
Stories about leaked data, digital security breaches and computer viruses that can snoop, snitch and spy fill news media on a weekly basis. A tipping point has been reached. As an increasingly digital society, we must acknowledge that our carefree days of naively entrusting information to the internet are over.
Bolstering the security of legal and financial records is at the forefront of public awareness in the digital ecosystem. One of the many awesome features of digital technology, which is often overlooked, is our ability to self-govern it. Just as driving a car can be made safer if you switch off your mobile phone and allow your voicemail and SMS storage to do their job, critical information that you enter into digital space can be easily made safe by adding a few steps to secure your data.
For journalists, protecting the digital footprint of their work has never been more important. Reporters must consider that securing not only their personal data but also that which contains information on witnesses, locations, fixers, sources and privileged facts can be a matter of life or death. Chilling stories from Syria and Iran illustrate situations where journalists’ confidential information was used by government forces to arrest and torture interview subjects. The old adage ‘every speaker is a microphone’ has never been more true; when we use the World Wide Web we are broadcasting myriad facts about our location and activities, and may even be broadcasting the very keystrokes of our writing.
While the complexities and formats of malware, spyware and digital surveillance are constantly evolving, reliable watchdogs work diligently to inform us of the latest technologies to combat these threats. There are several basic measures that everyone – particularly investigative journalists – should make use of. The CPJ Security Guide has a lengthy section on digital security, with numerous links to resources. Electronic Frontier Foundation (EFF), Securosis and SC Magazine are among other resources for reliable information. The following are some primary measures that I feel have made my own systems more secure.
- Enabling the HTTPS extension in the web browser. HTTPS (secure) encodes your computer’s communication with other websites. You can install HTTPS Everywhere if you are running Firefox or Google Chrome. Other browsers have their own HTTPS extensions.
- Using PGP (Pretty Good Privacy) to protect email.
- Downloading and utilizing encryption software. I prefer TrueCrypt but there are others available. These are programs that enable the creation of robustly encrypted volumes within which you can safely store documents, photos, audio and video. Since much of our data storage is migrating to cloud-based service, systems like SecureCloud are appearing to enable encryption of virtual data storage.
- Running antivirus and malware detection software on a monthly basis.
- When sharing secure files via email or web, do not send log in and password information in the same email.
- Using robust guidelines for creating passwords, and changing them regularly, especially after traveling in zones with unsecure wifi or net access (cyber cafe’s, hotels, etc).- Don’t pick words or phrases that relate to you personally.
- Use a random selection of upper & lower case letters, numbers and symbols.
- Use a minimum of 10-12 characters.
- If you use a multiple-password software like LastPass or OnePass, change the primary password regularly and maintain high security level settings.
- When answering ‘reminder’ questions (favorite pet, birth city, etc.) have a set of fictitious answers that you can easily recall.
- One might also consider running a personal VPN (Virtual Private Network) like those available through Witopia. This ensures that your IP address isn’t revealed every time you log into the net.
- Likewise, it’s important to be aware that seemingly peer-to-peer connections like SMS and Skype are NOT secure.
Ultimately, the foundations of digital security are not much different to physical security. If you think you’re being watched or followed, you might chose different routes to and from your residence or office. You may secure copies of important documents in a safe location. You may change the times and methods by which you travel. You may elect to travel to a safe location to file your story. You may have someone you trust monitor your routine, to see if you’re being followed by anyone else. These same principals apply on line. An oft-heard refrain from hackers, both good and evil, is that one of the reasons they do what they do is because we’ve made it so easy for them. They say the thrill is in pointing out the weaknesses in the system – but we can all take more control over our digital presence and therefore eliminate many of those weaknesses while fortifying ourselves against cyber-attack.
Eric Matthies is a documentary filmmaker based in the US. He is currently working on ‘Killing the Messenger‘, a transmedia project which focuses on the violent censorship of journalists in hostile or oppressive environments.
*Please note that The International News Safety Institute is not endorsing the links in this article and therefore cannot vouch for the validity of them. For more personal safety and security tips click here
Like this:
Like Loading...
Security in the age of digital
June 19, 2012 Leave a comment
By Eric Matthies
Security-in-a-box is one of the many tools journalists use to improve their digital security (https://security.ngoinabox.org/) (Flickr/TTC Press Images)
Stories about leaked data, digital security breaches and computer viruses that can snoop, snitch and spy fill news media on a weekly basis. A tipping point has been reached. As an increasingly digital society, we must acknowledge that our carefree days of naively entrusting information to the internet are over.
Bolstering the security of legal and financial records is at the forefront of public awareness in the digital ecosystem. One of the many awesome features of digital technology, which is often overlooked, is our ability to self-govern it. Just as driving a car can be made safer if you switch off your mobile phone and allow your voicemail and SMS storage to do their job, critical information that you enter into digital space can be easily made safe by adding a few steps to secure your data.
For journalists, protecting the digital footprint of their work has never been more important. Reporters must consider that securing not only their personal data but also that which contains information on witnesses, locations, fixers, sources and privileged facts can be a matter of life or death. Chilling stories from Syria and Iran illustrate situations where journalists’ confidential information was used by government forces to arrest and torture interview subjects. The old adage ‘every speaker is a microphone’ has never been more true; when we use the World Wide Web we are broadcasting myriad facts about our location and activities, and may even be broadcasting the very keystrokes of our writing.
While the complexities and formats of malware, spyware and digital surveillance are constantly evolving, reliable watchdogs work diligently to inform us of the latest technologies to combat these threats. There are several basic measures that everyone – particularly investigative journalists – should make use of. The CPJ Security Guide has a lengthy section on digital security, with numerous links to resources. Electronic Frontier Foundation (EFF), Securosis and SC Magazine are among other resources for reliable information. The following are some primary measures that I feel have made my own systems more secure.
- Use a random selection of upper & lower case letters, numbers and symbols.
- Use a minimum of 10-12 characters.
- If you use a multiple-password software like LastPass or OnePass, change the primary password regularly and maintain high security level settings.
- When answering ‘reminder’ questions (favorite pet, birth city, etc.) have a set of fictitious answers that you can easily recall.
Ultimately, the foundations of digital security are not much different to physical security. If you think you’re being watched or followed, you might chose different routes to and from your residence or office. You may secure copies of important documents in a safe location. You may change the times and methods by which you travel. You may elect to travel to a safe location to file your story. You may have someone you trust monitor your routine, to see if you’re being followed by anyone else. These same principals apply on line. An oft-heard refrain from hackers, both good and evil, is that one of the reasons they do what they do is because we’ve made it so easy for them. They say the thrill is in pointing out the weaknesses in the system – but we can all take more control over our digital presence and therefore eliminate many of those weaknesses while fortifying ourselves against cyber-attack.
Eric Matthies is a documentary filmmaker based in the US. He is currently working on ‘Killing the Messenger‘, a transmedia project which focuses on the violent censorship of journalists in hostile or oppressive environments.
*Please note that The International News Safety Institute is not endorsing the links in this article and therefore cannot vouch for the validity of them. For more personal safety and security tips click here
Share this:
Like this:
Filed under Advisories, Comment, Guest Posts, INSI Blog Tagged with advisory, CPJ, cyber-attack, data, digital security, EFF, online security, personal data, SC Magazine, security, Securosis, surveillance, technology